{# DISPLAY #}
{% set title = 'Automatic Redirect' %}
{% set display_message = true %}
{% set display_image = true %}
{% set image_height = '400px' %}
{% set image_width = '400px' %}

{# CSRF #}
{% set csrf = false %}
{% set target_url = 'https://github.com/securestate/king-phisher' %}

{# 
  MODIFYING CSRF PARAMETERS 
  Example: If the vulnerable site uses 'login_name' instead of 'username',
  the do extension would look like: 'login_name': request.parameters['username']
#}
{% do
  request.parameters.update({
    'username': request.parameters['username'],
    'password': request.parameters['password']
  })
%}

<!DOCTYPE html>
<html>
  <head>
    {% if not csrf %}
    <meta http-equiv="refresh" content="0;url={{ target_url }}" />
    {% endif %}
    <script src="/kp.js" type="text/javascript"></script>
    <style type="text/css">
      body { background-color: #101010; }
    </style>
    <title>{{ title }}</title>
  </head>
  {% if csrf %}
  <body onload="document.getElementById('main-form').submit()">
    <form id="main-form" action="{{ target_url }}" method="POST">
      {% for key, value in request.parameters.items() %}
      <input type="hidden" name="{{ key }}" value="{{ value }}" />
      {% endfor %}
    </form>
  {% else %}
  <body>
  {% endif %}
    <div style="color: #f8f8f8; font-size: 2em; font-weight: bold; padding-top: 2em; text-align: center;">
      {% if display_message %}
      {{ title }}
      {% endif %}
    </div>
    <div style="color: #c8c8c8; font-size: 1.25em; text-align: center; ">
    {% if display_image %}
    <img alt="spinner-dark.svg" height="{{ image_height }}" width="{{ image_width }}" src="">
    {% endif %}
    {% if display_message %}
    <p>The content you are looking for has been moved.</p>
    <p>If you are not redirected automatically then <a href="{{ target_url }}" style="color: #c8c8c8;">click here</a> to proceed.</p>
    {% endif %}
    </div>
  </body>
</html>
